Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

What do you have in the history that’s sensitive? Keys, passwords should not be in shell history anyways (e.g. I delete them from bash history if I enter by mistake)


Shell history is wiped out after user logged out for a reason. More details are here - https://www.securityhq.com/blog/security-101-dont-bash-your-....


Please read the page you linked; it’s flushed to a file, not wiped.


It is not. I definitely use months-old bash history through !? shortcuts.


I don't think it's that unusual. What comes to mind immediately is it's not unusual for me to clone something from a private git repo, where a username+password would be needed for permissions. In which case it's possible to put in `git clone http://username:password@example.com` or another git command that interacts with remotes. (To be clear the "password" is typically a token and not human generated string, but still functions like a password).


For that example: Any reason the server doesn’t just have an SSH server? Then you can use `git clone` in the “usual way”, using SSH certificate authentication.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: